Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application: 

Listing of Claims:

1. (Currently amended): A computer implemented method for controlling access to
protected contents on a server using a mobile security module, the computer implemented
method requiring the following components to be present:

a) a server;

b) a client;

c) a reader for a mobile security module;

d) a mobile security module associated with the client and having at least one protected
area for storing a key; and

e) a data line for communications between client and server; and wherein the
computer implemented method comprises the following steps:

aa) sending to the server of a request to call up protected-access contents;

bb) sending from the server to the client of an authentication module to be run in the
client;

cc) execution of an authentication protocol for authenticating the mobile security
module and, where appropriate, its holder by means of the authentication module;

dd) if the authentication in step cc) was successful, addition to the request in step aa)
of a session ID which was generated in the course of the communications between
the authentication module and the server;

ee) sending of the new request to the server application;

ff) checking of the session ID in the request to see that it is recorded in the server;

gg) processing of the content requested for transmission and searching of the contents
for further links to other protected-access contents;

hh) addition of the session ID to the links identified; and

ii) sending of the content modified as in step hh) to the client.

2. (Original): Method according to claim 1, characterized in that the server is a web server
and the protected contents are web pages which are called up via a browser by a URL request 
from a client. 

3. (Original): Method according to claim 1, characterized in that the authentication protocol
is executed in the following steps:

jj) generation of a random number by the server application when the content 
requested is access-protected and the requirements for access have not been satisfied, and 
sending of the random number to the authentication module 

kk) sending of the random number from the authentication module to the mobile 
security module 

ll) generation in the mobile security module of a digital signature which takes
account of the identity number of the mobile security module, the random number and the key of 
the mobile security module 

mm) sending of the digital signature to the server 

nn) checking of the correctness of the digital signature using the security module of 
the server. 

4. (Original): Method according to claim 2, characterized in that the server application is a 
servlet and the client authentication module is an authentication applet and in that on receipt of a 
URL request the servlet checks the URL request for the presence of a session ID and if there is 
no session ID present sends an authentication applet containing a random number to the client. 

5-6. (Canceled) 

7. (Original): Method according to claim 3, characterized in that the digital signature is
generated by means of a symmetrical encryption algorithm with the help of a secret key agreed
between client and server, or by means of an asymmetrical encryption algorithm with the help of
a private key, the server being in possession of the public key.

8. (Original): Method according to claim 7, characterized in that the symmetrical
encryption algorithm is DES or triple DES and the asymmetrical encryption algorithm is RSA,
DSA or an elliptic curve algorithm.

9. (Original): Method according to claim 4, characterized in that if the digital signature
does not agree, the servlet sends an error message to the client applet.

10-11. (Canceled) 

12. (Currently amended): Method according to claim 1, characterized in that the session ID
is given a period of validity and wherein the session ID loses its validity on expiry of a fixed
time or when a session is terminated by means of a log-off page.

13. (Canceled) 

14. (Original): Method according to claim 1, characterized in that the session ID generated
in step dd) is recorded in a table and in that the presence of an entry in the table is a requirement
for access to all the protected-access pages. 
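
The challenge-response exchange of claim 3 and the session ID table and validity period of claims 12 and 14, sketched as an added Python example; it is not part of the application or of any implementation by the applicants. HMAC-SHA256 stands in for the symmetric option of claims 7 and 8, and the names `Card`, `Server`, `card_mac` and `SESSION_TTL`, the 600-second lifetime and the single-use handling of random numbers are assumptions.

```python
import hashlib, hmac, secrets, time

SESSION_TTL = 600  # seconds; assumed, claim 12 only requires "a fixed time"

def card_mac(key: bytes, card_id: str, nonce: bytes) -> bytes:
    # HMAC-SHA256 stands in for the DES/triple DES option of claims 7-8.
    return hmac.new(key, card_id.encode() + b"|" + nonce, hashlib.sha256).digest()

class Card:
    """Constructed stand-in for the mobile security module; the key stays inside."""
    def __init__(self, card_id: str, key: bytes):
        self.card_id, self._key = card_id, key

    def sign(self, nonce: bytes) -> bytes:
        # Step ll): signature over identity number and random number under the key.
        return card_mac(self._key, self.card_id, nonce)

class Server:
    def __init__(self, card_keys: dict):
        self._card_keys = card_keys  # card_id -> shared secret key
        self._pending = set()        # random numbers issued and not yet answered
        self._sessions = {}          # claim 14 table: session ID -> expiry time

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # step jj)
        self._pending.add(nonce)
        return nonce

    def authenticate(self, card_id, nonce, signature, now=None):
        now = time.time() if now is None else now
        # Single-use random numbers are an assumption here (replay protection).
        if nonce not in self._pending:
            return None
        self._pending.discard(nonce)
        key = self._card_keys.get(card_id)
        if key is None or not hmac.compare_digest(card_mac(key, card_id, nonce), signature):
            return None              # step nn) failed: no session ID is issued
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = now + SESSION_TTL
        return sid

    def session_valid(self, sid, now=None) -> bool:
        now = time.time() if now is None else now
        expiry = self._sessions.get(sid)
        if expiry is None or now >= expiry:
            self._sessions.pop(sid, None)  # expired entries leave the table
            return False
        return True

    def log_off(self, sid) -> None:
        self._sessions.pop(sid, None)  # claim 12: log-off ends validity
```
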

15-22. (Canceled)

23. (Currently amended): A computer implemented method, in a client, for controlling
access to protected contents using a mobile security module, the computer implemented method
comprising:

sending a request for protected content to a server; 

receiving an authentication applet and a random number from the server, wherein the
random number is generated at the server;

executing the authentication applet, wherein the authentication applet initiates
communication with a mobile security module associated with the client;

sending, by the authentication applet, the random number to the [[a]] mobile security
module, wherein the mobile security module includes a cryptographic key and wherein the
mobile security module generates a cryptographic signature based on the key and the random
number; 

receiving, by the authentication applet, the cryptographic signature from the mobile 
security module; 

sending, by the authentication applet, the cryptographic signature to the server; and 
responsive to the server authenticating the cryptographic signature, receiving a session 
identifier from the server. 

24. (Previously presented): The method of claim 23, further comprising: 

sending a second request for the protected content to the server, wherein the second 
request includes the session identifier. 

25. (Previously presented): The method of claim 23, wherein the mobile security module
includes an individual number for the mobile security module and wherein the mobile security 
module generates the cryptographic signature based on the individual number. 

26. (Previously presented): The method of claim 25, further comprising: 

receiving, by the authentication applet, the individual number from the mobile security 
module; and 

sending, by the authentication applet, the individual number to the server for 
authentication. 

27. (Currently amended): An apparatus, in a client, for controlling access to protected 
contents using a mobile security module, the apparatus comprising: 

means for sending a request for protected content to a server;

means for receiving an authentication applet and a random number from the server, 
wherein the random number is generated at the server; 

means for executing the authentication applet, wherein the authentication applet initiates 
communication with a mobile security module associated with the client;

means for sending, by the authentication applet, the random number to the [[a]] mobile
security module, wherein the mobile security module includes a cryptographic key and wherein
the mobile security module generates a cryptographic signature based on the key and the random
number; 

means for receiving, by the authentication applet, the cryptographic signature from the 
mobile security module; 

means for sending, by the authentication applet, the cryptographic signature to the server; and

means for responsive to the server authenticating the cryptographic signature, receiving a 
session identifier from the server. 

28. (Previously presented): The apparatus of claim 27, further comprising:

means for sending a second request for the protected content to the server, wherein the 
second request includes the session identifier.

29. (Previously presented): The apparatus of claim 27, wherein the mobile security module
includes an individual number for the mobile security module and wherein the mobile security 
module generates the cryptographic signature based on the individual number. 

30. (Previously presented): The apparatus of claim 29, further comprising:

means for receiving, by the authentication applet, the individual number from the mobile 
security module; and 

means for sending, by the authentication applet, the individual number to the server for 
authentication. 

31. (Previously presented): The apparatus of claim 27, wherein the mobile security module
is a chip card and wherein the client includes a chip card reader. 

32. (Previously presented): The apparatus of claim 27, wherein the client is a Web client,
wherein the server is a Web server, and wherein the protected content is a Web page. 



Page 6 of 28
Bendel et al. - 09/584,605 






Jun 27 2006 3:10PM YEE & ASSOCIATES, P.C. (972) 385-7766 p. 11



33. (Currently amended): A computer program product, in a computer readable medium, for
controlling access to protected contents using a mobile security module, the computer program
product comprising:

instructions for sending a request for protected content to a server; 

instructions for receiving an authentication applet and a random number from the server, 
wherein the random number is generated at the server; 

instructions for executing the authentication applet, wherein the authentication applet 
initiates communication with a mobile security module associated with the client, and wherein
the mobile security module is a chip card, and wherein the applet is configured to perform the
following steps: 

send the random number to a mobile security module, wherein the mobile security 
module includes a cryptographic key and wherein the mobile security module generates a 
cryptographic signature based on the key and the random number; 

receive the cryptographic signature from the mobile security module; 

send the cryptographic signature to the server; and 

responsive to the server authenticating the cryptographic signature, receive a 
session identifier from the server.

34. (New): The computer implemented method of claim 1, wherein the mobile security
module is a chip card and wherein the client includes a chip card reader.

35. (New): The computer implemented method of claim 23, wherein the mobile security
module is a chip card and wherein the client includes a chip card reader. 